"But I would think that it would be the responsibility of every individual/company that keeps customer/client details to make sure they follow the new regulations. "
I guess you are right Inger, but what about form output that is stored on the S-drive? Contact forms contain client data which raises the question of SSL- encryption and data storage. In the end this is still the responsability of the individual company, but I wonder if Coffeecup should be considered a Data Processor? In that case we would need a Terms of Service document describing these details. We could then refer our clients to this document.
Following your advise I will submit a separate support ticket.
doesn't CoffeeCup have a Terms of Service document?
Fortunately, if you look around, there's a number of places where you can get templates covering these things that are available cheaply, some even free -- but they always advise you to carefully check them to make sure they cover your specifics.
All of which, as you suggest, means SSLs etc etc should at least be considered by us all -- and again, there're a variety of these at a variety of prices, with different levels of security, and price not always being a good indicator of actual level of security. But, again, if you look around most hosting providers provide some degree of support in this area -- some even have the cost included as part of your hosting fees.